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CLAIMS 

1 . A subscriber identification module for providing local authentication of a 
2 subscriber in a communication system, comprising: 

a memory; and 

4 a processor configured to implement a set of instructions stored in the 

memory, the set of instructions for: 
6 generating a plurality of keys in response to a received 

challenge; 

8 generating an initial value based upon a first key from the 

plurality of keys; 

10 concatenating the initial value with a received signal to form an 

input value, wherein the received signal is transmitted from a 
12 communications unit communicatively coupled to the subscriber 

identification module, and the received signal is generated by the 
14 communications unit using a second key from the plurality of keys, the 

second key having been communicated from the subscriber 
16 identification module to the communications unit; 

hashing the input value to form an authentication signal; and 
18 transmitting the authentication signal to the communications 

system via the communications unit. 

2. The apparatus of Claim 1, wherein hashing the input value is 
2 performed in accordance with the Secure Hashing Algorithm (SHA-1 ). 

3. The apparatus of Claim 1, wherein generating the initial value 
2 comprises padding the first key. 

4. The apparatus of Claim 3, wherein generating the initial value further 
2 comprises adding the padded first key bit-wise to a constant value. 

5. The apparatus of Claim 1, wherein the received signal is generated at 
2 the communications unit by: 
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receiving the second key from the subscriber identification module; 
4 generating a local initial value based upon the second key; 

concatenating the local initial value and a message to form a local input 

6 value; 

hashing the local input value to form the received signal; and 
8 transmitting the received signal to the subscriber identification module. 

6. The apparatus of Claim 5, wherein generating the local initial value 
2 comprises padding the second key. 

7. The apparatus of Claim 6, wherein generating the local initial value 
2 further comprises adding the padded second key bit-wise to a second 

constant value. 

8. A subscriber identification module, comprising: 
2 a key generation element; and 

a signature generator configured to receive a secret key from the key 
4 generation element and information from a mobile unit, and further configured 

to generate a signature that will be sent to the mobile unit, wherein the 
6 signature is generated by concatenating the secret key with the information 

from the mobile unit and hashing the concatenated secret key and 
8 information. 

9. The subscriber identification module of Claim 8, wherein the key 
2 generation element comprises: 

a memory; and 

4 a processor configured to execute a set of instructions stored in the 

memory, wherein the set of instructions performs a cryptographic 
6 transformation upon an input value to produce a plurality of temporary keys. 

10. The subscriber identification module of Claim 9, wherein the 
2 cryptographic transformation is performed using a permanent key. 
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11. An apparatus for providing secure local authentication of a subscriber 
2 in a communication system, comprising a subscriber identification module 

configured to interact with a communications unit, wherein the subscriber 
4 identification module comprises: 

a key generator for generating a plurality of keys from a received 
6 value and a secret value, wherein at least one communication key from 

the plurality of keys is delivered to the communications unit and at least 
8 one secret key from the plurality of keys is not delivered to the 

communications unit; and 
10 a signature generator for generating an authorization signal from 

hashing a version of the at least one secret key together with an 
12 authorization message, wherein the authorization message is 

generated by the communications unit using a version of the at least 
14 one communication key. 

12. The apparatus of Claim 11, wherein the subscriber identification 
2 module is configured to be inserted into the communications unit. 

13. The apparatus of Claim 11, wherein the at least one communication 
2 key comprises an integrity key. 

14. The apparatus of Claim 11, wherein hashing is performed in 
2 accordance with SHA-1 . 

15. A method for providing authentication of a subscriber using a 
2 subscriber identification device, comprising: 

generating a plurality of keys; 
4 transmitting at least one key from the plurality of keys to a 

communications device communicatively coupled to the subscriber 
6 identification device and holding private at least one key from the plurality of 

keys; 

8 generating a signature at the communications device using both the at 

least one key transmitted to the communications device and a transmission 
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10 message, wherein generating is implemented by hashing a concatenated 
value formed from the at least one key and the transmission message; 

12 transmitting the signature to the subscriber identification device; 

receiving the signature at the subscriber identification device; 

14 generating a primary signature from the received signature, wherein 

the generating is implemented by hashing a concatenated value formed from 

16 the at least one private key and the signature received from the 
communications device; and 

18 conveying the primary signature to a communications system. 

16. The method of Claim 15, wherein hashing is implemented in 
2 accordance with SHA-1 . 

17. An apparatus for authenticating a subscriber in a wireless 
2 communication system, wherein the apparatus can be communicatively 

coupled to a mobile station operating within the wireless communications 
4 system, comprising: 
a memory; and 

6 a processor configured to implement a set of instructions stored in the 

memory, the set of instructions for selectively generating a primary signature 

8 based upon a key that is held private from the mobile station and a secondary 
signature that is received from the mobile station. 



